CVE-2025-53644

medium

Description

OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

References

https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/

https://github.com/opencv/opencv/releases/tag/4.12.0

https://github.com/opencv/opencv/issues/27271

https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466

Details

Source: Mitre, NVD

Published: 2025-07-17

Updated: 2025-08-05

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 6.6

Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00042

Detections

Analytics